-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 To ensure the image has not been corrupted in transmit or tampered with, perform the following two steps to cryptographically verify image integrity: 1. Verify the authenticity of this file by checking that it is signed with our GPG release key: $ curl https://raw.githubusercontent.com/turnkeylinux/common/master/keys/tkl-buster-images.asc | gpg --import $ gpg --list-keys --with-fingerprint release-buster-images@turnkeylinux.org pub rsa4096 2020-02-05 [SC] [expires: 2040-01-31] A8B2 EF42 8781 9B03 D351 6CCA 7623 1C20 425E 9772 uid [ unknown] TurnKey GNU/Linux Buster Images (GPG signing key for TurnKey Linux Buster Images) <release-buster-images@turnkeylinux.org> sub rsa4096 2020-02-05 [S] [expires: 2040-01-31] $ gpg --verify turnkey-gameserver-16.0-buster-amd64.iso.hash gpg: Signature made using RSA key ID A8B2EF4287819B03D3516CCA76231C20425E9772 gpg: Good signature from "0" 2. Recalculate the image hash and make sure it matches your choice of hash below. $ sha256sum turnkey-gameserver-16.0-buster-amd64.iso 3a7b5330545a617a9eb05a522fc066d0a59352321ce29ba8d9882e0f33a8b68d turnkey-gameserver-16.0-buster-amd64.iso $ sha512sum turnkey-gameserver-16.0-buster-amd64.iso 615b4cdfdb7c50084a86558c988acca07f663b76f93f0016627eae540ad9c7998375b86360a9ebbfff5d10d000c7615bbf76282a1d1c767333ca032661f28fd1 turnkey-gameserver-16.0-buster-amd64.iso Note, you can compare hashes automatically:: $ sha256sum -c turnkey-gameserver-16.0-buster-amd64.iso.hash turnkey-gameserver-16.0-buster-amd64.iso: OK $ sha512sum -c turnkey-gameserver-16.0-buster-amd64.iso.hash turnkey-gameserver-16.0-buster-amd64.iso: OK Final note, when checking SHAs automatically, please ignore warning noting that some lines are improperly formatted. -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE8ZCki1TcVrLH8k3LrF6wBJPlvBwFAl/YwacACgkQrF6wBJPl vBz+yhAAimA3TDHd3FF1MScgzx10q8wxn5b+NraI7eLfmVDi9agALZjvTS+R4Ih2 +dAtbVpE/dKrc776CNUO/sFtBw4hfTmyucKG6OYbIKJsiw4WeMfqxd1RdkhcGwJJ 4c5V1EQklmcscx8rKQNSRayXJHfsJ0DvtHIN6zokmHdpGb+qJLhx6dfP2owaNaB9 SaChZqWaeQqcBEgyGSXV6mScaNo8s6b1qG1ShaLrePIDln10OEWcqgHbffs4fYLH ptqlT/U13sWFxk8bMXMme1+TZg327UHBdMCavSCzxi4rr2D8Z6ealCtr9IzxItzL 0MvMj5R/u6DGhzLx8y2AkEHhVYNP4tz2FImazqlRCRi+CygIfCPCyYodqzg5tPso PbESstDOnprBfeadreMspZyuA/jELFDL9wHrIeJHpUXH1+MMMyx0uVgYHXC6kjEN MBTVyJe6fes1t24B6VVOJMjYxeLM29OmaWD4hAY8O5vb9IwgmnN24TsJNDySJUPX l/zQ8hmXxFzzRKiKyW4ifU/WC0j0Bk2WIWwPMYtmRKpxJxwZI3pZrxoDbp6C/k0L s5PRGCzSBbRTN5cA7YeP+24XFr8Z2nAIUeJf+7S/24fxqXabOVwpE2dB6oLHnkWH BLJGLTToVVoTmHs2iKgZRI6GkDrr33qMToqF1O4DYVP0kTn7RYQ= =q3aw -----END PGP SIGNATURE-----